Backing up TrueCrypt volumes and backing up to TrueCrypt volumes tend easily
to confuse people.
In this audio segment from an Ask Leo! webinar, I’ll discuss how
backing up and TrueCrypt relate and review what I do to backup my TrueCrypt
Leo, how do you perform a backup to an external drive that is TrueCrypted? It might sound stupid, I know. [Leo: No, not at all.] You just mount a drive on the external hard drive then backup will know to backup into TrueCrypt?
So it’s actually … TrueCrypted backup is a really interesting combination of things. First of all, TrueCrypt doesn’t know about backups and backups don’t know about TrueCrypt. They don’t need to know about each other.
What you have to realize about TrueCrypt is that regardless of how you use it, the way it manifests to your operating system is as a drive so whether you have whole drive encryption (which you might be using for your external drive)… I actually have an external drive; the one I travel with is whole drive encrypted. Once you mount that drive, and by mount, you actually go through the process of TrueCrypt specifying a password for that drive so that they can appear on your system, you can then use it just like any other drive.
So can your backup software. The backup software, if it [the Truecrypt volume] mounts as drive Q:, then you just tell your backup software to backup to drive Q:. The same thing for TrueCrypt containers; when you’re not necessarily doing whole drive encryption, the container… Once the container is mounted, it simply looks like a drive. I actually, on my desktop machine, I use TrueCrypt, I’ve got like a 200 GB TrueCrypt container file that is my primary workspace and it just looks like drive F.
So, if I wanted to run a backup, I could tell the backup software to just throw
the backups on drive F and they would basically get thrown into the mounted
TrueCrypt volume that (once it’s dismounted, of course) is encrypted. You can
get at it. So the short answer is, “Sure, no problem.” Just make sure
telling you’re mounting the drive however it is you mount your TrueCrypt
encrypted drives, be they containers or whole drive encryption and then tell
your backup program, ‘Hey, use drive whatever – Q:.’ Then that is the drive that
appeared when you mounted your TrueCrypt drive.
Everything should be just fine. Now one of the other questions commonly the reverse and that is when I have a bunch of data in a TrueCrypt container as I do, how should I back that up? Do I back up the container; do I back up the data? There’s two schools of thought on that. I back up the container. What that means is and it’s just one file, it’s great.
It’s one file that then contains all of my protected files within it. It’s not 200 GB, by the way; this is a smaller one. It’s much more manageable for backing up. The smaller one actually has all of my personal financial things. I just back up that file. I back it up in multiple places and what’s nice about that is I don’t need to take any additional security precautions.
I know that container file (if it’s not mounted) is just so much noise. Everything that’s in the container is protected. The only to get at the contents of the container is to know the password or in my case, the passphrase and I ain’t gonna tell you that so that data is safe. The other thing… the problem with that scenario though, of course, is that in order to access the data, you need TrueCrypt.
You must have TrueCrypt in order to be able to mount and actually read the contents of that container that backed up container. So the other school of thought is mount the container and then back up the files within it. In other words, if the container shows up as drive Q and those are all your protected files, back up those files.
The downside there, of course, is that you now must take security precautions for your backup because your backup now contains unencrypted clear potentially private files that you normally would want to have encrypted. So there’s two ways to go about that. Like I said, I tend to choose… I mean TrueCrypt has proven to me to be so reliable and so ubiquitous that I’m very happy just backing up a TrueCrypt container file and going from there.